If you store the file in a folder under the Root directory of the site, there is always the possibility that someone will guess the URL and browse to it. You need to store your files in a non-browsable location such as App_Data, or outside the root of your
site. Then you can use a cshtml file to authenticate the user before streaming the file using the code above.
Mikesdotnett...
All-Star
154901 Points
19864 Posts
Moderator
MVP
Re: Download link for a .doc file
Dec 29, 2010 11:16 AM|LINK
If you store the file in a folder under the Root directory of the site, there is always the possibility that someone will guess the URL and browse to it. You need to store your files in a non-browsable location such as App_Data, or outside the root of your site. Then you can use a cshtml file to authenticate the user before streaming the file using the code above.
The general idea (although this example uses an HttpHandler instead of a cshtml file) can be got here: http://www.mikesdotnetting.com/Article/122/Simple-File-Download-Protection-with-ASP.NET
Beginning ASP.NET Web Pages with WebMatrix | My Site | Twitter